Intel471 writes: When it comes to attributing malicious cyber activity, there are two buckets by which actors generally fall in: “financially-motivated” or “nation-state.” The former is ultimately interested in money, while the latter is more concerned with obtaining or exploiting sensitive information to gain an advantage over a government or commercial entity. For the past…
Category: Commentaries and Analyses
Au: Victoria’s child protection department misled watchdogs after sex offender Alex Jones CRISSP data breach
Josie Taylor and ABC Investigations’ Sarah Curnow report: Victorian child protection authorities misled the state’s privacy watchdog during an investigation of a data breach involving a sex offender and dozens of vulnerable children, telling the Office of the Victorian Information Commissioner it had contacted all affected children when it had not. The state’s commissioner for…
New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions
Lawrence Abrams reports: The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, rebranding to evade sanctions imposed by the US Treasury Department’s Office of Foreign Assets Control (OFAC). The Evil Corp gang, also known as Indrik Spider and the Dridex gang, started as an affiliate for the ZeuS botnet. Over time,…
GA: Hundreds of peoples’ medical records from Hope Medical found along a road
Justin Gray reports: Medical records for hundreds of patients were found dumped along the side of a road in South Fulton County. Channel 2 Action News has learned that those records contained everything from Social Security numbers to private medical information. Channel 2 investigative reporter Justin Gray tracked down where the records came from. Hope Medical told…
Van Buren is a Victory Against Overbroad Interpretations of the CFAA, and Protects Security Researchers
Aaron Mackey and Kurt Opsahl of EFF write: The Supreme Court’s Van Buren decision today overturned a dangerous precedent and clarified the notoriously ambiguous meaning of “exceeding authorized access” in the Computer Fraud and Abuse Act, the federal computer crime law that’s been misused to prosecute beneficial and important online activity. The decision is a victory for all Internet…
Hackers Breached Colonial Pipeline Using Compromised Password
William Turton and Kartikay Mehrotra report: The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack. Hackers gained entry into the networks of Colonial Pipeline Co. on…